136 // current CipherSuite. Never null, initially SSL_NULL_WITH_NULL_NULL
137 CipherSuite cipherSuite;
138
139 // current key exchange. Never null, initially K_NULL
140 KeyExchange keyExchange;
141
142 /* True if this session is being resumed (fast handshake) */
143 boolean resumingSession;
144
145 /* True if it's OK to start a new SSL session */
146 boolean enableNewSession;
147
148 // Whether local cipher suites preference should be honored during
149 // handshaking?
150 //
151 // Note that in this provider, this option only applies to server side.
152 // Local cipher suites preference is always honored in client side in
153 // this provider.
154 boolean preferLocalCipherSuites = false;
155
156 // Temporary storage for the individual keys. Set by
157 // calculateConnectionKeys() and cleared once the ciphers are
158 // activated.
159 private SecretKey clntWriteKey, svrWriteKey;
160 private IvParameterSpec clntWriteIV, svrWriteIV;
161 private SecretKey clntMacSecret, svrMacSecret;
162
163 /*
164 * Delegated task subsystem data structures.
165 *
166 * If thrown is set, we need to propagate this back immediately
167 * on entry into processMessage().
168 *
169 * Data is protected by the SSLEngine.this lock.
170 */
171 private volatile boolean taskDelegated = false;
172 private volatile DelegatedTask<?> delegatedTask = null;
173 private volatile Exception thrown = null;
174
175 // Could probably use a java.util.concurrent.atomic.AtomicReference
461 * Sets the server name indication of the handshake.
462 */
463 void setSNIServerNames(List<SNIServerName> serverNames) {
464 // The serverNames parameter is unmodifiable.
465 this.serverNames = serverNames;
466 }
467
468 /**
469 * Sets the server name matchers of the handshaking.
470 */
471 void setSNIMatchers(Collection<SNIMatcher> sniMatchers) {
472 // The sniMatchers parameter is unmodifiable.
473 this.sniMatchers = sniMatchers;
474 }
475
476 /**
477 * Sets the cipher suites preference.
478 */
479 void setUseCipherSuitesOrder(boolean on) {
480 this.preferLocalCipherSuites = on;
481 }
482
483 /**
484 * Prior to handshaking, activate the handshake and initialize the version,
485 * input stream and output stream.
486 */
487 void activate(ProtocolVersion helloVersion) throws IOException {
488 if (activeProtocols == null) {
489 activeProtocols = getActiveProtocols();
490 }
491
492 if (activeProtocols.collection().isEmpty() ||
493 activeProtocols.max.v == ProtocolVersion.NONE.v) {
494 throw new SSLHandshakeException("No appropriate protocol");
495 }
496
497 if (activeCipherSuites == null) {
498 activeCipherSuites = getActiveCipherSuites();
499 }
500
|
136 // current CipherSuite. Never null, initially SSL_NULL_WITH_NULL_NULL
137 CipherSuite cipherSuite;
138
139 // current key exchange. Never null, initially K_NULL
140 KeyExchange keyExchange;
141
142 /* True if this session is being resumed (fast handshake) */
143 boolean resumingSession;
144
145 /* True if it's OK to start a new SSL session */
146 boolean enableNewSession;
147
148 // Whether local cipher suites preference should be honored during
149 // handshaking?
150 //
151 // Note that in this provider, this option only applies to server side.
152 // Local cipher suites preference is always honored in client side in
153 // this provider.
154 boolean preferLocalCipherSuites = false;
155
156 // Whether to send TLS_FALLBACK_SCSV as part of the cipher suite
157 // list in the Client Hello.
158 boolean sendFallbackSCSV;
159
160 // Temporary storage for the individual keys. Set by
161 // calculateConnectionKeys() and cleared once the ciphers are
162 // activated.
163 private SecretKey clntWriteKey, svrWriteKey;
164 private IvParameterSpec clntWriteIV, svrWriteIV;
165 private SecretKey clntMacSecret, svrMacSecret;
166
167 /*
168 * Delegated task subsystem data structures.
169 *
170 * If thrown is set, we need to propagate this back immediately
171 * on entry into processMessage().
172 *
173 * Data is protected by the SSLEngine.this lock.
174 */
175 private volatile boolean taskDelegated = false;
176 private volatile DelegatedTask<?> delegatedTask = null;
177 private volatile Exception thrown = null;
178
179 // Could probably use a java.util.concurrent.atomic.AtomicReference
465 * Sets the server name indication of the handshake.
466 */
467 void setSNIServerNames(List<SNIServerName> serverNames) {
468 // The serverNames parameter is unmodifiable.
469 this.serverNames = serverNames;
470 }
471
472 /**
473 * Sets the server name matchers of the handshaking.
474 */
475 void setSNIMatchers(Collection<SNIMatcher> sniMatchers) {
476 // The sniMatchers parameter is unmodifiable.
477 this.sniMatchers = sniMatchers;
478 }
479
480 /**
481 * Sets the cipher suites preference.
482 */
483 void setUseCipherSuitesOrder(boolean on) {
484 this.preferLocalCipherSuites = on;
485 }
486
487 /**
488 * Sets whether to send TLS_FALLBACK_SCSV.
489 */
490 void setSendFallbackSCSV(boolean on) {
491 this.sendFallbackSCSV = on;
492 }
493
494 /**
495 * Prior to handshaking, activate the handshake and initialize the version,
496 * input stream and output stream.
497 */
498 void activate(ProtocolVersion helloVersion) throws IOException {
499 if (activeProtocols == null) {
500 activeProtocols = getActiveProtocols();
501 }
502
503 if (activeProtocols.collection().isEmpty() ||
504 activeProtocols.max.v == ProtocolVersion.NONE.v) {
505 throw new SSLHandshakeException("No appropriate protocol");
506 }
507
508 if (activeCipherSuites == null) {
509 activeCipherSuites = getActiveCipherSuites();
510 }
511
|